Flash as spyware
Ben Scott
dragonhawk at gmail.com
Wed Mar 29 09:59:01 EST 2006
On 3/29/06, Bill McGonigle <bill at bfccomputing.com> wrote:
> Hey, if you're a popular website you could use Flash to store an
> offsite copy of your enterprise backup in your users' Flash cache!
You could do that with HTTP cookies, too.
> Just crypt the data and ship off a hundred K to each user.
Flash cookies are limited in size. I'm not sure exactly what the
limits are. I don't think you should send *that* much data.
See also:
Settings Panel (this brings up Flash's actual config UI for you)
http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager02.html
What is a local Shared Object?
http://www.macromedia.com/cfusion/knowledgebase/index.cfm?id=tn_16194
What Are Third-Party Local Shared Objects?
http://www.macromedia.com/software/flashplayer/articles/thirdpartylso/
How to manage and disable Local Shared Objects
http://www.macromedia.com/cfusion/knowledgebase/index.cfm?id=52697ee8
> Flash has also been used to circumvent pop-up blockers ...
Yup. Or just plain be obnoxious (big flashing ads). I recommend
the FlashBlock and/or NoScript extensions to Firefox.
> ... install spyware.
I'm curious about this one. Source?
> Just in case you haven't heard, every version of Flash ever
> released before last week or so has local exploits.
Just like pretty much everything else.
Not really defending Flash so much as pointing out that everything sucks. :-(
I also don't like sensationalizing problems that are really not all
that new to the computer world, or unique to Flash.
> You're auto-updating Flash, right? What do you mean there's no auto-update?
http://www.macromedia.com/cfusion/knowledgebase/index.cfm?id=16701594
> I actually hear web designers say, "I can't wait until we don't have to
> use HTML anymore and everything is all Flash".
Must... not... kill...
> I'm interested in what happens to the SVG/Flash rivalry now that Adobe
> owns Macromedia.
As a guess, I'd say we could expect Adobe to sue people for reverse
engineering Flash. :-(
-- Ben